Sudoripper (In early alpha)

“Tell me you’re desperate without telling me you’re desperate”

sudoripper is a program that attempts to locally brute force sudo logins in parallel. It is not a hash cracker; instead, it makes repeated calls to the su Linux command across several processes. sudoripper is intended as a last-ditch post-exploitation tool for when dumping /etc/shadow, standard privesc, or social engineering fails to work.

1. Demo | 2. Features | 3. Installation | 4. Usage

1. Demo

[Demo image: sudoripper demo]

2. Features (Still a work in progress!)

  • Highly parallelizable
  • Portable
  • Runs on every distro that has sudo (thank god for Go’s cross compilation)
  • Can read from password wordlists
  • Can run exhaustive brute force searches
  • Highly expressive exhaustive brute force options
  • Supports the saving and loading of brute force progress

3. Installation

sudoripper is intended to be used as a post-exploitation tool on a local machine you already have access to but where you don’t have any root credentials. It is compiled down to a portable binary, uploaded to the target machine, and run there to do the brute forcing.

Prerequisites to compile sudoripper

  • git
  • go (latest version)

Installation steps

1. Clone sudoripper and cd into the project directory

~$ git clone https://github.com/angus-y/sudoripper
~$ cd sudoripper

2. Install required go modules

~$ go mod tidy

3. Compile the executable

Note: Go supports cross compilation. Set the GOOS and GOARCH environment variables to match the target machine you are compiling for.

~$ go build .

The binary should now be in the project's root directory under the name sudoripper.

4. Usage

On the target machine (assuming you’ve somehow uploaded your binary to it, whether over ssh, wget, curl, an external drive, etc.):

~$ chmod +x sudoripper
~$ ./sudoripper -u <username> -p <number of parallel processes> -w <wordlist filepath>

Run sudoripper --help for more detailed usage help. Documentation is still a work in progress and will be expanded as the program grows in complexity.

~$ ./sudoripper --help
sudoripper is a program that attempts to locally brute force sudo logins in parallel.

sudoripper was designed with several features in mind
- Highly parallelizable
- Portable
- Runs on every distro that has sudo (thank god for go's cross compilation)
- Can read from wordlists or run exhaustive brute force searches
- Highly expressive exhaustive brute force options
- Supports the saving and loading of brute force progress

sudoripper is intended to be used locally in the post exploitation phase. After gaining access, 
to a machine you can run sudoripper to hopefully bruteforce the root password. The program is
however highly inefficient, noisy and resource hungry since it is quite literally making repeated
calls to the sudo process. Thus sudoripper is intended to be used as a last resort when you are
unable to dump /etc/shadow or do any linux privesc

Usage:
  sudoripper [flags]

Flags:
  -b, --bruteforce string   bruteforce pattern to use
  -h, --help                help for sudoripper
  -p, --parallel int        number of processes to run in parallel when brute forcing. Defaults to 1. DO NOT ABUSE THIS, the more processes you run the more system resources you will eat up (default 1)
  -t, --toggle              Help message for toggle
  -u, --username string     username to bruteforce
  -v, --verbose             Display passwords being tested
  -w, --wordlist string     path of wordlist file to brute force with, each password should be on a separate line
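
The help text above calls the tool noisy because every guess is a real call to su or sudo, and each failed call leaves a PAM authentication-failure record. The following Go program is an added example, not part of sudoripper: it flags accounts that produce a burst of such failures in auth-log lines. It assumes traditional syslog timestamps and pam_unix records carrying ruser=; the names DetectBursts, failRe and sampleLog are made up here, and the log lines are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// failRe captures the syslog timestamp and invoking account (ruser) of a su/sudo PAM failure.
var failRe = regexp.MustCompile(`^(\w{3} [ \d]\d \d\d:\d\d:\d\d) .*pam_unix\((?:su|su-l|sudo):auth\): authentication failure;.*\bruser=(\S+)`)

// DetectBursts maps each invoking account to its peak count of su/sudo failures
// inside one sliding window, keeping only accounts that reach threshold.
func DetectBursts(lines []string, window time.Duration, threshold int) map[string]int {
	recent, peaks := map[string][]time.Time{}, map[string]int{}
	for _, l := range lines {
		m := failRe.FindStringSubmatch(l)
		if m == nil {
			continue // not a su/sudo authentication failure
		}
		ts, err := time.Parse(time.Stamp, m[1]) // "Jan _2 15:04:05", no year
		if err != nil {
			continue
		}
		q := append(recent[m[2]], ts)
		for len(q) > 1 && ts.Sub(q[0]) > window { // drop failures older than the window
			q = q[1:]
		}
		recent[m[2]] = q
		if len(q) >= threshold && len(q) > peaks[m[2]] {
			peaks[m[2]] = len(q)
		}
	}
	return peaks
}

// sampleLog is constructed for this example; it is not output captured from any host.
var sampleLog = []string{
	"Mar  3 10:15:01 web01 su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=/dev/pts/0 ruser=alice rhost=  user=root",
	"Mar  3 10:15:01 web01 su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=/dev/pts/1 ruser=alice rhost=  user=root",
	"Mar  3 10:15:03 web01 su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=/dev/pts/0 ruser=alice rhost=  user=root",
	"Mar  3 10:15:04 web01 su: pam_unix(su:auth): authentication failure; logname=alice uid=1000 euid=0 tty=/dev/pts/1 ruser=alice rhost=  user=root",
	"Mar  3 10:20:00 web01 sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/2 ruser=bob rhost=  user=bob",
	"Mar  3 10:20:09 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by bob(uid=1001)",
}

func main() {
	fmt.Println(DetectBursts(sampleLog, 10*time.Second, 4)) // map[alice:4]
}
```

The window and threshold are tuning choices for the host being monitored. Where logs use ISO timestamps or come from journald, the regular expression and time layout need adjusting.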
